.
Check Point Software Technologies has released its cybersecurity forecasts for 2023, detailing the key security challenges organizations will face in the coming year.
Cyber-attacks in all industrial sectors recorded a 28% increase in the third quarter of 2022 compared to 2021, and Check Point predicts a continued and sharp increase worldwide, driven by the increase in ransomware attacks and hacktivism mobilized by states, driven by international conflicts.
At the same time, organizations’ security teams will face increasing pressure as the global 3.4 million workers cybersecurity expertise is growing, and governments are expected to introduce new regulations to protect citizens from failure.
In 2022, cybercriminals and state-linked threat actors continued to exploit the hybrid working practices of organizations, and the increase in these attacks shows no sign of slowing down as the Russia-Ukraine conflict continues to have a profound impact at the global level. world. Organizations need to consolidate and automate their security infrastructures to allow them to better monitor and manage their attack surfaces and prevent all types of threats with less complexity and less need for human resources.
Check Point’s cybersecurity predictions for 2023 fall into four categories: malware and phishing; hacktivism; emerging government regulations; and security consolidation.
Increase in malware and hacking exploits
● Ransomware will not give you rest: this was the main threat for organizations in the first half of 2022, and the ransomware ecosystem will continue to evolve and grow with smaller, more agile criminal groups that form to evade law enforcement.
Compromising collaboration tools: While phishing attempts against business and personal email accounts are a daily threat, in 2023 criminals will expand their scope to target business collaboration tools like Slack, Teams, OneDrive and Google Drive with phishing exploits. These are a rich source of sensitive data, as most employees in organizations often continue to work remotely.
Evolution of hacktivism and deepfakes
Hacktivism mobilized by the State: In the past year, hacktivism has evolved from social groups with flexible agendas (such as Anonymous) to groups supported from within states, which are more organized, structured, and sophisticated. These groups attacked targets in the US, Germany, Italy, Norway, Finland, Poland and Japan recently, and these ideological attacks will continue to grow in 2023.
Deepfakes as a weapons: in October 2022, a US President Joe Biden deepfake performing ‘Baby Shark’ instead of the national anthem, was widely publicized. Was this a joke, or an attempt to influence the important 2022 US elections? Deepfakes’ technology will increasingly be used to target and manipulate opinions, or to trick employees into giving away access credentials.
Governments reinforce measures to protect citizens
New laws around data breach: O attack committed to the Australian operator Optus, led the country’s government to introduce new data breach regulations that other telecom operators must follow, to protect the consumer against subsequent fraud. We will see other national governments following this example in 2023, in addition to existing measures such as GDPR.
New national task forces against cybercrime: more governments will follow suit example from singapore to create inter-agency task forces to combat ransomware and cybercrime, bringing together businesses, state departments and law enforcement to combat the growing threat to commerce and consumers. These efforts partly stem from questions about whether the cyberinsurance sector can be considered as a safety net for cyber incidents.
Mandatory security and privacy by default: The automotive industry has already moved to introduce measures to protect vehicle owner data. This example will be followed in other areas of consumer goods that store and process data, holding manufacturers accountable for vulnerabilities in their products.
Consolidation issues
Reduce complexity to reduce risk: The global cyber-skills gap grew by more than 25% in 2022. However, organizations have more complex and more distributed networks and more cloud deployments than ever before due to the pandemic. Security teams need to consolidate their IT and security infrastructures to improve their defenses and reduce their workload to help them stay ahead of threats. More than two-thirds of CISOs stated that working with fewer vendor solutions would increase their company’s security.
Check Point Executives Predictions
Mark Ostrowski, Office of the CTO, Check Point Software
- “Deepfakes will go mainstream with hacktivists and cybercriminals leveraging videos and voicemails for successful phishing and ransomware attacks.”
Maya Horowitz, VP of Research, Check Point Software
- “We are entering a new era of hacktivism, with an increase in attacks motivated by political and social causes. Threat actors are becoming increasingly brazen and will shift their attention to critical infrastructure.”
Micki Boland, CTO Office, Check Point Software
- “We will see a nation-state leading a prolonged and sustained attack against the US electrical grid, leading to power disruptions impacting critical business and social functions.”
Deryck Mitchelson, EMEA CISO, Check Point Software
- “We will see a lot more debate around and push for safety regulation as the current carrot and stick approach has not worked.”
Dan Wiley, Head of Threat Management, Check Point Software
- “The cyber insurance industry is undergoing major tectonic shifts. Companies will most likely not be able to rely on insurance as a safety net for cyber incidents. As we have seen with the automotive industry, policymakers will act to protect their constituents with legislation that holds manufacturers accountable for software deficiencies that create cyber vulnerabilities. In turn, this will put the burden on software vendors to build on security validations.”
Jeremy Fuchs, Research Analyst, Avanan, a Check Point company
- “While email and phishing go hand in hand and will continue to be dangerous and proliferate, in 2023 cybercriminals will also turn to enterprise collaboration engagement, with phishing attacks used to access Slack, Teams, OneDrive, Google Drive, etc. Employees are often on the loose with sharing data and personal information while using these enterprise applications, making them a lucrative source of data for hackers.”
Jony Fischbein, CISO, Check Point Software
- “In our multi-hybrid environment, many CISOs struggle to build a comprehensive security program with multiple vendors. In 2023, CISOs will scale back the number of security solutions deployed in favor of a single, comprehensive solution to reduce complexity.”
Oded Vanunu, Head of Products Vulnerability Research, Check Point Software
- A dramatic increase in digital scams, due to a global economic slowdown and inflation. Cybercriminals will increasingly turn to social media campaigns via Telegram, WhatsApp and other popular messaging apps. There will also be more cyberattacks on Web3 blockchain platforms, mainly to bypass their users’ platforms and Crypto Assets.”
Other interesting articles:
.
